Mercurial > prosody-modules
comparison mod_s2s_auth_dane/README.markdown @ 2495:5ca2470a7755
merged upstream changes
author | tmolitor <thilo@eightysoft.de> |
---|---|
date | Sun, 12 Feb 2017 21:24:08 +0100 |
parents | a6486881fe42 |
children | daabba8fb45b |
comparison
equal
deleted
inserted
replaced
2494:d300ae5dba87 | 2495:5ca2470a7755 |
---|---|
61 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. | 61 _xmpp-server._tcp.example.com IN SRV 0 0 5269 xmpp.example.com. |
62 ; IPv4 and IPv6 addresses | 62 ; IPv4 and IPv6 addresses |
63 xmpp.example.com. IN A 192.0.2.68 | 63 xmpp.example.com. IN A 192.0.2.68 |
64 xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 | 64 xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 |
65 | 65 |
66 ; The DANE TLSA records. These three are equivalent, you would use only one of them. | 66 ; The DANE TLSA records. |
67 ; First, using symbolic names: | |
68 _5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | |
69 ; Using numbers: | |
70 _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | 67 _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
71 ; Raw binary format, should work even with very old DNS tools: | 68 |
69 ; If your zone file tooling does not support TLSA records, you can try the raw binary format: | |
72 _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 | 70 _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
73 | 71 |
74 [List of DNSSEC and DANE | 72 [List of DNSSEC and DANE |
75 tools](http://www.internetsociety.org/deploy360/dnssec/tools/) | 73 tools](http://www.internetsociety.org/deploy360/dnssec/tools/) |
76 | 74 |
81 | 79 |
82 Compatibility | 80 Compatibility |
83 ============= | 81 ============= |
84 | 82 |
85 Requires 0.9 or above. | 83 Requires 0.9 or above. |
84 | |
85 Known issues | |
86 ============ | |
87 | |
88 - A race condition between the DANE lookup and completion of the TLS | |
89 handshake may cause a crash. This does not happen in **trunk** | |
90 thanks to better async support. | |
91 | |
92 |